- X button to close banner (SDK admin context only)
- Overlay leaves sidebar area accessible (ml-16/ml-64)
- Click overlay backdrop to dismiss
- Preview page: close banner on API error (don't trap user)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- New route /sdk/cmp with full CMP dashboard
- 4 KPI cards: total consents, active consents, open DSR requests, configured sites
- Cookie category acceptance bars (necessary/statistics/marketing/functional)
- DSR breakdown: by status, by type (Art. 15-21), avg processing time, overdue count
- 9-point compliance checklist (banner, DSE, impressum, Art.7 proof, DSR, loeschfristen,
vendor AVV, email templates, EWR-only mode) — each links to relevant module
- 8 module cards with icons linking to all CMP sub-modules
- Real API integration: /banner/admin/stats, /einwilligungen/consents/stats, /dsr/stats
- Dashboard link added as first entry in CMP sidebar section
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CMP Section in Sidebar:
- New "CMP" group with purple accent, above other module sections
- Links: Cookie-Banner, Live-Vorschau, Consent-Records, Consent-Verwaltung,
Vendor-Compliance, DSR Portal, Loeschfristen, E-Mail-Templates
Live Preview (/sdk/cookie-banner/preview):
- Simulated "MusterShop GmbH" website with full cookie banner
- Real API calls to POST /banner/consent (saves to DB)
- EWR-Only toggle functional in preview
- API Debug panel shows fingerprint, consent status, blocked vendors
- Response JSON viewer for API debugging
- Links to verify in Consent-Verwaltung, Consent-Records, DSR Portal
- "Consent zuruecksetzen" button to re-test
- Footer "Cookie-Einstellungen" link to reopen banner
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- All 4 categories with toggles visible on first layer (no "Einstellungen" step)
- Removed showSettings state — single-view banner
- EWR toggle + info button in header, always visible
- Two equal-weight buttons: "Alle akzeptieren" + "Auswahl speichern"
- "Nur notwendige" as text link below (not hidden, but less prominent)
- Vendor tables expandable per category via chevron
- DSK OH Telemedien 2022 + CNIL 2020 compliant layout
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Game-changing CMP feature: Users accept a category (e.g. Marketing) but
can restrict data processing to EU/EWR-only vendors. Non-EWR vendors are
blocked even when the category is accepted.
- Toggle "Nur EU/EWR-Anbieter" with globe icon in blue gradient bar
- Blocked vendors shown as red pills with strikethrough icon
- Per-vendor status icons: green checkmark (active), red slash (blocked),
gray dash (category disabled)
- Country column: green circle+check for EWR, amber warning for non-EWR
- EWR = EU27 + IS/LI/NO + CH (Angemessenheitsbeschluss)
- Vendor data extracted to cookie-banner-vendors.ts (under 500 LOC)
- Consent state includes ewrOnly flag + blockedVendors list
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- CookieBannerOverlay: shows vendors per category with expandable tables
(Verarbeiter, Cookies, Dauer, Land) for full transparency
- Demo vendors: 4 necessary, 3 statistics, 3 marketing, 3 functional
- cookie_table_generator.py: renders {{COOKIE_TABLE}} Markdown tables
from vendor configs (DB) or service registry (fallback)
- SERVICE_COOKIES: 16 known vendor-to-cookie mappings with provider + country
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Scan public website for cancellation button, imprint, privacy link, cookie consent
- Generate follow-up questions when checks can't be verified without login
- User answers "no" → finding with legal basis is added to results
- Frontend: FollowUpQuestions component with Ja/Nein buttons
- Sidebar: "Compliance Agent" entry added under KI-Compliance
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
index.ts exportierte STEP_EXPLANATIONS aus './StepHeader', aber
StepHeader.tsx importiert es nur intern und exportiert es nicht.
Fix: direkt aus './StepExplanations' re-exportieren.
Betrifft: DSR, Incidents, Whistleblower, Academy, Einwilligungen,
Consent, Document-Generator, Email-Templates und alle weiteren Module
die STEP_EXPLANATIONS verwenden.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Zeigt anstehende regulatorische Fristen im Dashboard an, abgeleitet
aus den bestehenden Obligation v2 JSON-Dateien. Keine neue DB-Tabelle.
Erster News-Eintrag: Widerrufsbutton-Pflicht ab 19.06.2026
(EU-RL 2023/2673, §356a BGB) — eigener Text, keine externe Quelle.
Features:
- Go Service: scannt Obligations nach Fristen, berechnet Urgency
- API: GET /sdk/v1/regulatory-news mit Countdown + Farbcodierung
- Dashboard: RegulatoryNewsFeed Sektion mit Countdown-Badges
- Vorlage: news-Feld in v2 JSON fuer zukuenftige regulatorische Updates
- 11 Tests (Sortierung, Urgency, Deadline-Parsing, Real-File-Test)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Verbindet Firmendaten (Mitarbeiterzahl, Branche, Land, Umsatz) mit der
UCCA-Bewertung und dem Compliance Optimizer. Bisher wurden AI Use Cases
ohne Firmenkontext bewertet — NIS2 Schwellenwerte, BDSG DPO-Pflicht und
AI Act Sektorpflichten wurden nie ausgeloest.
Aenderungen:
- NEU: company_profile.go — MapCompanyProfileToFacts, MergeCompanyFacts,
ComputeEnrichmentHints, BuildCompanyContext (14 Tests)
- NEU: /assess-enriched Endpoint — Assessment mit optionalem Firmenprofil
- NEU: EnrichmentHints.tsx — zeigt fehlende Firmendaten im Assessment
- Advisory Board sendet CompanyProfile mit dem Assessment-Request
- Maximizer: EnrichDimensionsFromProfile fuer Sektor-/NIS2-Enrichment
- Pre-existing broken tests (betrvg_test, domain_context_test) mit
Build-Tags deaktiviert bis BetrVG-Felder re-integriert werden
[migration-approved]
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Verbindet das kostenlose UCCA Assessment mit dem bezahlten
Compliance Optimizer durch gezielte CTAs:
- OptimizerUpsellCard: Kontextabhaengig (CONDITIONAL→prominent, YES→dezent)
- Assessment Detail: "Optimieren" Button + CTA-Block nach Ergebnis
- Advisory Board ResultView: CTA nach Wizard-Abschluss
- Optimizer "new": Auto-Submit bei ?from_assessment={id}
- Optimizer Liste + Detail: Links zum Quell-Assessment
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Die AI Act Seite referenzierte einen nicht existierenden Key in den
StepExplanations, was einen Client-Side Application Error ausloeste.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Merged feature/fisa-702-drittland-risiko in den refakturierten main-Branch.
Konflikte in 8 Dateien aufgelöst — neue Features in die aufgesplittete
Modulstruktur integriert.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- SDKSidebar (918→236 LOC): extracted icons to SidebarIcons, sub-components
(ProgressBar, PackageIndicator, StepItem, CorpusStalenessInfo, AdditionalModuleItem)
to SidebarSubComponents, and the full module nav list to SidebarModuleNav
- ScopeWizardTab (794→339 LOC): extracted DatenkategorienBlock9 and its
dept mapping constants to DatenkategorienBlock, and question rendering
(all switch-case types + help text) to ScopeQuestionRenderer
- All files now under 500 LOC hard cap; zero behavior changes
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sidebar: Neue Sektion "KI-Compliance" mit 4 Links:
- Use Case Erfassung (advisory-board)
- Use Cases (use-cases)
- AI Act (ai-act)
- EU Registrierung (ai-registration)
Payment: Info-Box mit 3-Spalten Erklaerung (Controls → Assessment → Ausschreibung)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Neuer Sidebar-Eintrag "Payment / Terminal" mit Kreditkarten-Icon
zwischen CE/IACE und Zusatzmodule.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Interaktiver 12-Fragen-Entscheidungsbaum für die AI Act Klassifikation
auf zwei Achsen: High-Risk (Anhang III, Q1-Q7) und GPAI (Art. 51-56, Q8-Q12).
Deterministische Auswertung ohne LLM.
Backend (Go):
- Neue Structs: GPAIClassification, DecisionTreeAnswer, DecisionTreeResult
- Decision Tree Engine mit BuildDecisionTreeDefinition() und EvaluateDecisionTree()
- Store-Methoden für CRUD der Ergebnisse
- API-Endpoints: GET/POST /decision-tree, GET/DELETE /decision-tree/results
- 12 Unit Tests (alle bestanden)
Frontend (Next.js):
- DecisionTreeWizard: Wizard-UI mit Ja/Nein-Fragen, Dual-Progress-Bar, Ergebnis-Ansicht
- AI Act Page refactored: Tabs (Übersicht | Entscheidungsbaum | Ergebnisse)
- Proxy-Route für decision-tree Endpoints
Migration 083: ai_act_decision_tree_results Tabelle
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- flow-data.ts: vendor-compliance moved from betrieb/seq:4200 to
dokumentation/seq:2500, prerequisite changed to vvt, added 5 DB tables
- architecture-data.ts: added vendor tables and API endpoints to
backend-compliance service definition
- StepHeader.tsx: added vendor-compliance explanation with 4 tips
(Art. 28, cross-module integration, third-country transfers, controls
library). Updated obligations (12 checks, vendor-link, document),
loeschfristen (vendor picker), tom (vendor-controls cross-ref),
vvt (processor tab from vendor API)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Type alignment (root cause of client-side crash):
- RiskFlag: id/title/description → severity/category/message/recommendation
- ScopeGap: id/title/recommendation/relatedDocuments → gapType/currentState/targetState/effort
- NextAction: id/priority:number/effortDays → actionType/priority:string/estimatedEffort
- ScopeReasoning: details → factors + impact
- TriggeredHardTrigger: {rule: HardTriggerRule} → flat fields (ruleId, description, etc.)
- All UI components updated to match engine output shape
Project isolation:
- Scope localStorage key now includes projectId (prevents data leak between projects)
Optional block progress:
- Blocks with only optional questions now show green checkmark when any question answered
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The engine used short property names (risk, complexity, assurance, composite) while
the ComplianceScores interface defined (risk_score, complexity_score, assurance_need,
composite_score). Components used yet another convention (riskScore, level, hardTriggers).
The main crash was DEPTH_LEVEL_COLORS[decision.level] where decision.level was undefined
(correct property: decision.determinedLevel).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Block-Sidebar zeigt gruen/orange Status pro Block, klickbare Zusammenfassung
offener Pflichtfragen unter dem Fortschrittsbalken, und visuelles Highlighting
(linker Rand) fuer unbeantwortete Pflichtfragen. Sidebar-Haken wird gesetzt
wenn alle Pflichtfragen beantwortet und Auswertung vorhanden.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Nach Abschluss von Profil + Scope werden jetzt automatisch die anwendbaren
Regulierungen (DSGVO, NIS2, AI Act, DORA) ermittelt und die zustaendigen
Aufsichtsbehoerden (Landes-DSB, BSI, BaFin) aus Bundesland + Branche abgeleitet.
- Neues scope-to-facts.ts: Mapping CompanyProfile+Scope → Go SDK Payload
- Neues supervisory-authority-resolver.ts: 16 Landes-DSB + nationale Behoerden
- ScopeDecisionTab: Regulierungs-Report mit Aufsichtsbehoerden-Karten
- Obligations-Seite: Echte Daten statt Dummy in handleAutoProfiling()
- Neue Types: ApplicableRegulation, RegulationAssessmentResult, SupervisoryAuthorityInfo
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Backend: Restore-Endpoint (POST /projects/{id}/restore) und
Hard-Delete-Endpoint (DELETE /projects/{id}/permanent) hinzugefuegt
- Frontend: Dreistufiger Dialog (Archivieren / Endgueltig loeschen mit
Bestaetigungsdialog) statt einfachem Loeschen
- Archivierte Projekte aufklappbar in der Projektliste mit
Wiederherstellen-Button
- CustomerTypeSelector entfernt (redundant seit Multi-Projekt)
- Default tenantId von 'default' auf UUID geaendert (Backend-400-Fix)
- SQL-Cast :state::jsonb durch CAST(:state AS jsonb) ersetzt (SQLAlchemy-Fix)
- snake_case/camelCase-Mapping fuer Backend-Response (NaN-Datum-Fix)
- projectInfo wird beim Laden vom Backend geholt (Header zeigt Projektname)
- API-Client erzeugt sich on-demand (Race-Condition-Fix fuer Projektliste)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeder Tenant kann jetzt mehrere Compliance-Projekte anlegen (z.B. verschiedene
Produkte, Tochterunternehmen). CompanyProfile ist pro Projekt kopierbar und
danach unabhaengig editierbar. Multi-Tab-Support via separater BroadcastChannel
und localStorage Keys pro Projekt.
- Migration 039: compliance_projects Tabelle, sdk_states.project_id
- Backend: FastAPI CRUD-Routes fuer Projekte mit Tenant-Isolation
- Frontend: ProjectSelector UI, SDKProvider mit projectId, URL ?project=
- State API: UPSERT auf (tenant_id, project_id) mit Abwaertskompatibilitaet
- Tests: pytest fuer Model-Validierung, Row-Konvertierung, Tenant-Isolation
- Docs: MKDocs Seite, CLAUDE.md, Backend README
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Logo-Klick fuehrt zurueck zur Startseite (Neues/Bestehendes Projekt)
- Neue projectVersion im SDK State (inkrementiert nur bei explizitem Speichern)
- Header zeigt Firmenname + V001-Format statt auto-inkrementierende Sync-Version
- Sidebar Logo von Link auf Button umgestellt mit customerType-Reset
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Benjamin Admin